diff options
author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-02-24 11:16:27 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-02-24 11:16:27 +0000 |
commit | 9288e0dd73b958c409223e5bcecf6bd24ac30632 (patch) | |
tree | 033e7c3a8c6d0c37e020decf13480cca22b77eeb /sbin | |
parent | 78101a8cbe3da4477e4fe23a4498d6433767787b (diff) |
Check for 'source-track rule' with 'max-src-nodes'.
ok cedric@ henning@
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/pfctl/parse.y | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 17254390222..39e7e4df0ec 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.441 2004/02/11 18:34:51 cedric Exp $ */ +/* $OpenBSD: parse.y,v 1.442 2004/02/24 11:16:26 mcbride Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -3399,6 +3399,10 @@ filter_consistent(struct pf_rule *r) yyerror("return-rst can only be applied to TCP rules"); problems++; } + if (r->mak_src_nodes && !(r->rule_flag & PFRULE_RULESRCTRACK)) { + yyerror("max-src-nodes requires 'source-track rule'"); + problems++; + } if (r->action == PF_DROP && r->keep_state) { yyerror("keep state on block rules doesn't make sense"); problems++; |